Home » Tag Archives: Security (page 4)

Tag Archives: Security

Self-Signed Certificate for Apache TomEE (and Tomcat)

Probably in most of your Java EE projects you will have part or whole system with SSL support (https) so browsers and servers can communicate over a secured connection. This means that the data being sent is encrypted, transmitted and finally decrypted before processing it. The problem is that sometimes the official “keystore” is only available for production environment and ...

Read More »

Signing Digital Certificates with OpenSSL Library

While working on the pgopenssltypes extension I realized that I haven’t discussed how to sign digital certificates using the OpenSSL library. (At least I don’t recall doing so – I might have discussed this in the early days of the blog. I’m pretty sure I’ve already discussed signing digital certificates with the BouncyCastle (java) library.) My pgopenssltypes extension will have ...

Read More »

Adding OpenSSL User-Defined Types to PostgreSQL

PostgreSQL supports user-defined types (UDT). These types can be used to provide type-safety on user-defined functions when we would otherwise be forced to use simple BLOB objects. This comes at a significant cost. Many databases support UDT but implementation details vary widely so there’s a significant amount of vendor lock-in. In addition C language UDT require deployment via PostgreSQL extensions ...

Read More »

Database Threat Models

I finally have a breather and can start working through my backlog of ideas. I start with some background that will make the motivation for subsequent posts clearer. What are the threat models for the persistence layer of an application, specificially the threats against the database itself? Remember that a ‘threat’ is an adverse act, whether intentional (by an attacker) ...

Read More »

In Favour of Self-Signed Certificates

Today I watched the Google I/O presentation about HTTPS everywhere and read a couple of articles, saying that Google is going to rank sites using HTTPS higher. Apart from that, SPDY has mandatory usage of TLS, and it’s very likely the same will be true for HTTP/2. Chromium proposes marking non-HTTPS sites as non-secure. And that’s perfect. Except, it’s not ...

Read More »

Revamping WSO2 API Manager Key Management Architecture around Open Standards

WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and for scalably routing API traffic. It leverages proven, production-ready integration, security, and governance components from the WSO2 Enterprise Service Bus, WSO2 Identity Server, and WSO2 Governance Registry. In addition, it leverages the WSO2 Business Activity Monitor for Big Data analytics, giving ...

Read More »

Securing the Insecure

The 33 years old, Craig Spencer returned back to USA on 17th October from Africa after treating Ebola patients. Just after few days, he was tested positive for Ebola. Everyone was concerned – specially the people around him – and the New Yorkers. The mayor of the New York came in front of the media and gave an assurance to ...

Read More »

How to setup custom SSLSocketFactory’s TrustManager per each URL connection

We can see from javadoc that javax.net.ssl.HttpsURLConnection provided a static method to override with setDefaultSSLSocketFory() method. This allow you to supply a custom javax.net.ssl.TrustManager that may verify your own  CA certs handshake and validation etc. But this will override the default for all “https” URLs per your JVM! So how can we override just a single https URL? Looking at ...

Read More »

Single Sign-On with the Delegated Access Control Pattern

Suppose a medium-scale enterprise has a limited number of RESTful APIs. Company employees are allowed to access these APIs via web applications while they’re behind the company firewall. All user data is stored in a Microsoft Active Directory, and all the web applications are connected to a Security Assertion Markup Language (SAML) 2.0 identity provider to authenticate users. The web ...

Read More »

Want to take your Java skills to the next level?

Grab our programming books for FREE!

Here are some of the eBooks you will get:

  • Spring Interview QnA
  • Multithreading & Concurrency QnA
  • JPA Minibook
  • JVM Troubleshooting Guide
  • Advanced Java
  • Java Interview QnA
  • Java Design Patterns